diff --git a/g10/ChangeLog b/g10/ChangeLog index 48e9277d6..eb0b0e34c 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,16 @@ +2004-02-24 David Shaw + + * encode.c (encode_simple): Show cipher with --verbose. + + * options.h, g10.c (main), keyedit.c (sign_keys): Add + --ask-cert-level option to enable cert level prompts during sigs. + Defaults to on. Simplify --default-cert-check-level to + --default-cert-level. If ask-cert-level is off, or batch is on, + use the default-cert-level as the cert level. + + * options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): + Simplify --min-cert-check-level to --min-cert-level. + 2004-02-23 David Shaw * options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add diff --git a/g10/encode.c b/g10/encode.c index ad93a3aaf..ccdbb0f87 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -219,6 +219,10 @@ encode_simple( const char *filename, int mode, int use_seskey ) m_free( cfx.dek ); cfx.dek = dek; } + if(opt.verbose) + log_info(_("using cipher %s\n"), + cipher_algo_to_string(cfx.dek->algo)); + cfx.dek->use_mdc=use_mdc(NULL,cfx.dek->algo); } diff --git a/g10/g10.c b/g10/g10.c index 6bb068200..aa535fa36 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -141,12 +141,14 @@ enum cmd_and_opt_values oNoAskSigExpire, oAskCertExpire, oNoAskCertExpire, + oAskCertLevel, + oNoAskCertLevel, oFingerprint, oWithFingerprint, oAnswerYes, oAnswerNo, - oDefCertCheckLevel, - oMinCertCheckLevel, + oDefCertLevel, + oMinCertLevel, oKeyring, oSecretKeyring, oShowKeyring, @@ -402,6 +404,8 @@ static ARGPARSE_OPTS opts[] = { { oNoAskSigExpire, "no-ask-sig-expire", 0, "@"}, { oAskCertExpire, "ask-cert-expire", 0, "@"}, { oNoAskCertExpire, "no-ask-cert-expire", 0, "@"}, + { oAskCertLevel, "ask-cert-level", 0, "@"}, + { oNoAskCertLevel, "no-ask-cert-level", 0, "@"}, { oOutput, "output", 2, N_("use as output file")}, { oMaxOutput, "max-output", 16|4, "@" }, { oVerbose, "verbose", 0, N_("verbose") }, 
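Review bot: In the encode.c hunk, the result of `cipher_algo_to_string(cfx.dek->algo)` is passed straight to a `%s` conversion in `log_info`. Its definition is outside this diff; if it can return NULL for an algorithm it does not recognise, that is undefined behaviour in the format call. A fallback such as `s ? s : "?"` on the returned string would make the verbose path safe whatever algo value reaches it. The enclosing block of encode_simple starts and ends outside the hunk, so the assumption that `cfx.dek` is non-NULL here rests on code that is not shown.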
@@ -532,8 +536,9 @@ static ARGPARSE_OPTS opts[] = { { oSkipVerify, "skip-verify",0, "@" }, { oCompressKeys, "compress-keys",0, "@"}, { oCompressSigs, "compress-sigs",0, "@"}, - { oDefCertCheckLevel, "default-cert-check-level", 1, "@"}, - { oMinCertCheckLevel, "min-cert-check-level", 1, "@"}, + { oDefCertLevel, "default-cert-check-level", 1, "@"}, /* Old option */ + { oDefCertLevel, "default-cert-level", 1, "@"}, + { oMinCertLevel, "min-cert-level", 1, "@"}, { oAlwaysTrust, "always-trust", 0, "@"}, { oTrustModel, "trust-model", 2, "@"}, { oEmuChecksumBug, "emulate-checksum-bug", 0, "@"}, @@ -1323,8 +1328,9 @@ main( int argc, char **argv ) EXPORT_INCLUDE_NON_RFC|EXPORT_INCLUDE_ATTRIBUTES; opt.keyserver_options.include_subkeys=1; opt.keyserver_options.include_revoked=1; - opt.mangle_dos_filenames = 1; - opt.min_cert_check_level=1; + opt.mangle_dos_filenames=1; + opt.ask_cert_level=1; + opt.min_cert_level=1; #if defined (_WIN32) set_homedir ( read_w32_registry_string( NULL, "Software\\GNU\\GnuPG", "HomeDir" )); @@ -1597,8 +1603,8 @@ main( int argc, char **argv ) break; case oNoArmor: opt.no_armor=1; opt.armor=0; break; case oNoDefKeyring: default_keyring = 0; break; - case oDefCertCheckLevel: opt.def_cert_check_level=pargs.r.ret_int; break; - case oMinCertCheckLevel: opt.min_cert_check_level=pargs.r.ret_int; break; + case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break; + case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break; case oNoGreeting: nogreeting = 1; break; case oNoVerbose: g10_opt_verbose = 0; opt.verbose = 0; opt.list_sigs=0; break; 
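Review bot: In the opts table hunk (@@ -532), `default-cert-check-level` is kept as an alias marked `/* Old option */`, but `min-cert-check-level` is removed with no alias. An existing gpg.conf that sets `min-cert-check-level` would no longer be recognised after this change, and that option decides which certification levels the trust database honours. The ChangeLog context shows the option was added only on 2004-02-23, so dropping it may be deliberate if it never shipped. Otherwise keep it with `{ oMinCertLevel, "min-cert-check-level", 1, "@"}, /* Old option */`.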
@@ -1753,6 +1759,8 @@ main( int argc, char **argv ) case oNoAskSigExpire: opt.ask_sig_expire = 0; break; case oAskCertExpire: opt.ask_cert_expire = 1; break; case oNoAskCertExpire: opt.ask_cert_expire = 0; break; + case oAskCertLevel: opt.ask_cert_level = 1; break; + case oNoAskCertLevel: opt.ask_cert_level = 0; break; case oUser: /* store the local users */ add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings ); break; @@ -2138,8 +2146,10 @@ main( int argc, char **argv ) log_error(_("marginals-needed must be greater than 1\n")); if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 ) log_error(_("max-cert-depth must be in range 1 to 255\n")); - if( opt.min_cert_check_level < 1 || opt.min_cert_check_level > 3 ) - log_error(_("min-cert-check-level must be in the range from 1 to 3\n")); + if(opt.def_cert_level<0 || opt.def_cert_level>3) + log_error(_("invalid default-cert-level; must be 0, 1, 2, or 3\n")); + if( opt.min_cert_level < 1 || opt.min_cert_level > 3 ) + log_error(_("invalid min-cert-level; must be 1, 2, or 3\n")); switch( opt.s2k_mode ) { case 0: log_info(_("NOTE: simple S2K mode (0) is strongly discouraged\n")); @@ -2149,16 +2159,14 @@ main( int argc, char **argv ) log_error(_("invalid S2K mode; must be 0, 1 or 3\n")); } - if(opt.def_cert_check_level<0 || opt.def_cert_check_level>3) - log_error(_("invalid default-check-level; must be 0, 1, 2, or 3\n")); - /* This isn't actually needed, but does serve to error out if the string is invalid. */ if(opt.def_preference_list && keygen_set_std_prefs(opt.def_preference_list,0)) log_error(_("invalid default preferences\n")); - /* We provide defaults for the personal digest list */ + /* We provide defaults for the personal digest list. This is + SHA-1. */ if(!pers_digest_list) pers_digest_list="h2"; diff --git a/g10/keyedit.c b/g10/keyedit.c index 55e0cd90f..1a180e358 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c 
@@ -627,8 +627,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, if(selfsig) ; - else if(opt.batch) - class=0x10+opt.def_cert_check_level; + else if(opt.batch || !opt.ask_cert_level) + class=0x10+opt.def_cert_level; else { char *answer; @@ -638,13 +638,13 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, "above? If you don't know what to answer, enter \"0\".\n")); tty_printf("\n"); tty_printf(_(" (0) I will not answer.%s\n"), - opt.def_cert_check_level==0?_(" (default)"):""); + opt.def_cert_level==0?_(" (default)"):""); tty_printf(_(" (1) I have not checked at all.%s\n"), - opt.def_cert_check_level==1?_(" (default)"):""); + opt.def_cert_level==1?_(" (default)"):""); tty_printf(_(" (2) I have done casual checking.%s\n"), - opt.def_cert_check_level==2?_(" (default)"):""); + opt.def_cert_level==2?_(" (default)"):""); tty_printf(_(" (3) I have done very careful checking.%s\n"), - opt.def_cert_check_level==3?_(" (default)"):""); + opt.def_cert_level==3?_(" (default)"):""); tty_printf("\n"); while(class==0) @@ -653,7 +653,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, "(enter '?' for more information): ")); if(answer[0]=='\0') - class=0x10+opt.def_cert_check_level; /* Default */ + class=0x10+opt.def_cert_level; /* Default */ else if(ascii_strcasecmp(answer,"0")==0) class=0x10; /* Generic */ else if(ascii_strcasecmp(answer,"1")==0) diff --git a/g10/options.h b/g10/options.h index c12efc109..050477508 100644 --- a/g10/options.h +++ b/g10/options.h 
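Review bot: `class=0x10+opt.def_cert_level;` in the `opt.batch || !opt.ask_cert_level` branch is now reached in interactive runs too, and the result is a certification class (0x10 to 0x13) only if def_cert_level is within 0 to 3. The only range check in this diff is the `log_error` in g10.c main(), and whether startup stops after that error is not visible here, so confirm that it does or guard the value locally before the addition. At minimum add `/* def_cert_level is range-checked (0..3) in main() */` above the assignment. The same applies to the `/* Default */` assignment in the @@ -653 hunk. sign_uids starts and ends outside these hunks.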
@@ -38,149 +38,151 @@ #endif EXTERN_UNLESS_MAIN_MODULE -struct { - int verbose; - int quiet; - unsigned debug; - int armor; - int compress; - char *outfile; - off_t max_output; - int dry_run; - int list_only; - int textmode; - int expert; - int ask_sig_expire; - int ask_cert_expire; - int batch; /* run in batch mode */ - int answer_yes; /* answer yes on most questions */ - int answer_no; /* answer no on most questions */ - int check_sigs; /* check key signatures */ - int with_colons; - int with_key_data; - int with_fingerprint; /* opt --with-fingerprint active */ - int fingerprint; /* list fingerprints */ - int list_sigs; /* list signatures */ - int no_armor; - int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/ - int def_cipher_algo; - int force_v3_sigs; - int force_v4_certs; - int force_mdc; - int disable_mdc; - int def_digest_algo; - int cert_digest_algo; - int def_compress_algo; - const char *def_secret_key; - char *def_recipient; - int def_recipient_self; - int def_cert_check_level; - int min_cert_check_level; - int sk_comments; - int no_version; - int marginals_needed; - int completes_needed; - int max_cert_depth; - const char *homedir; +struct +{ + int verbose; + int quiet; + unsigned debug; + int armor; + int compress; + char *outfile; + off_t max_output; + int dry_run; + int list_only; + int textmode; + int expert; + int ask_sig_expire; + int ask_cert_expire; + int batch; /* run in batch mode */ + int answer_yes; /* answer yes on most questions */ + int answer_no; /* answer no on most questions */ + int check_sigs; /* check key signatures */ + int with_colons; + int with_key_data; + int with_fingerprint; /* opt --with-fingerprint active */ + int fingerprint; /* list fingerprints */ + int list_sigs; /* list signatures */ + int no_armor; + int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/ + int def_cipher_algo; + int force_v3_sigs; + int force_v4_certs; + int force_mdc; + int disable_mdc; + int def_digest_algo; + 
int cert_digest_algo; + int def_compress_algo; + const char *def_secret_key; + char *def_recipient; + int def_recipient_self; + int def_cert_level; + int min_cert_level; + int ask_cert_level; + int sk_comments; + int no_version; + int marginals_needed; + int completes_needed; + int max_cert_depth; + const char *homedir; - char *display; /* 5 options to be passed to the gpg-agent */ - char *ttyname; - char *ttytype; - char *lc_ctype; - char *lc_messages; + char *display; /* 5 options to be passed to the gpg-agent */ + char *ttyname; + char *ttytype; + char *lc_ctype; + char *lc_messages; - int skip_verify; - int compress_keys; - int compress_sigs; - int always_trust; - enum - { - CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8 - } compliance; - int pgp2_workarounds; - unsigned int emulate_bugs; /* bug emulation flags EMUBUG_xxxx */ - int shm_coprocess; - const char *set_filename; - const char *comment_string; - int throw_keyid; - int show_photos; - const char *photo_viewer; - int s2k_mode; - int s2k_digest_algo; - int s2k_cipher_algo; - int simple_sk_checksum; /* create the deprecated rfc2440 secret - key protection*/ - int not_dash_escaped; - int escape_from; - int lock_once; - char *keyserver_uri; - char *keyserver_scheme; - char *keyserver_host; - char *keyserver_port; - char *keyserver_opaque; - struct + int skip_verify; + int compress_keys; + int compress_sigs; + int always_trust; + enum { - int verbose; - int include_revoked; - int include_disabled; - int include_subkeys; - int honor_http_proxy; - int broken_http_proxy; - int use_temp_files; - int keep_temp_files; - int fake_v3_keyids; - int auto_key_retrieve; - unsigned int import_options; - unsigned int export_options; - STRLIST other; - } keyserver_options; - int exec_disable; - int exec_path_set; + CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8 + } compliance; + int pgp2_workarounds; + unsigned int emulate_bugs; /* bug emulation flags EMUBUG_xxxx */ + int 
shm_coprocess; + const char *set_filename; + const char *comment_string; + int throw_keyid; + int show_photos; + const char *photo_viewer; + int s2k_mode; + int s2k_digest_algo; + int s2k_cipher_algo; + int simple_sk_checksum; /* create the deprecated rfc2440 secret + key protection*/ + int not_dash_escaped; + int escape_from; + int lock_once; + char *keyserver_uri; + char *keyserver_scheme; + char *keyserver_host; + char *keyserver_port; + char *keyserver_opaque; + struct + { + int verbose; + int include_revoked; + int include_disabled; + int include_subkeys; + int honor_http_proxy; + int broken_http_proxy; + int use_temp_files; + int keep_temp_files; + int fake_v3_keyids; + int auto_key_retrieve; unsigned int import_options; unsigned int export_options; - char *def_preference_list; - prefitem_t *personal_cipher_prefs; - prefitem_t *personal_digest_prefs; - prefitem_t *personal_compress_prefs; - int no_perm_warn; - int no_mdc_warn; - char *temp_dir; - int no_encrypt_to; - int interactive; - STRLIST sig_notation_data; - STRLIST cert_notation_data; - int show_notation; - STRLIST sig_policy_url; - STRLIST cert_policy_url; - int show_policy_url; - int use_embedded_filename; - int allow_non_selfsigned_uid; - int allow_freeform_uid; - int no_literal; - ulong set_filesize; - int fast_list_mode; - int fixed_list_mode; - int ignore_time_conflict; - int ignore_valid_from; - int ignore_crc_error; - int ignore_mdc_error; - int command_fd; - const char *override_session_key; - int show_session_key; - int use_agent; - const char *gpg_agent_info; - int merge_only; - int try_all_secrets; - int no_expensive_trust_checks; - int no_sig_cache; - int no_sig_create_check; - int no_auto_check_trustdb; - int preserve_permissions; - int no_homedir_creation; - int show_keyring; - struct groupitem *grouplist; - int mangle_dos_filenames; - int enable_progress_filter; + STRLIST other; + } keyserver_options; + int exec_disable; + int exec_path_set; + unsigned int import_options; + unsigned int 
export_options; + char *def_preference_list; + prefitem_t *personal_cipher_prefs; + prefitem_t *personal_digest_prefs; + prefitem_t *personal_compress_prefs; + int no_perm_warn; + int no_mdc_warn; + char *temp_dir; + int no_encrypt_to; + int interactive; + STRLIST sig_notation_data; + STRLIST cert_notation_data; + int show_notation; + STRLIST sig_policy_url; + STRLIST cert_policy_url; + int show_policy_url; + int use_embedded_filename; + int allow_non_selfsigned_uid; + int allow_freeform_uid; + int no_literal; + ulong set_filesize; + int fast_list_mode; + int fixed_list_mode; + int ignore_time_conflict; + int ignore_valid_from; + int ignore_crc_error; + int ignore_mdc_error; + int command_fd; + const char *override_session_key; + int show_session_key; + int use_agent; + const char *gpg_agent_info; + int merge_only; + int try_all_secrets; + int no_expensive_trust_checks; + int no_sig_cache; + int no_sig_create_check; + int no_auto_check_trustdb; + int preserve_permissions; + int no_homedir_creation; + int show_keyring; + struct groupitem *grouplist; + int mangle_dos_filenames; + int enable_progress_filter; } opt; diff --git a/g10/trustdb.c b/g10/trustdb.c index db63e53d3..98cba3822 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1193,7 +1193,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode, if (!IS_UID_SIG(sig) && !IS_UID_REV(sig)) continue; /* we only look at these signature classes */ if(sig->sig_class>=0x11 && sig->sig_class<=0x13 && - sig->sig_class-0x10sig_class-0x10
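Review bot: In the options.h hunk, the three functional changes (def_cert_check_level renamed to def_cert_level, min_cert_check_level renamed to min_cert_level, new ask_cert_level) are buried in a re-indentation of the entire struct, which makes the security-relevant part hard to audit. Keeping the whitespace change in a separate commit would leave a three-line diff here. The new and renamed fields also have no comments, unlike neighbours such as `batch`. Suggest `int ask_cert_level; /* prompt for the cert level when signing a key */` and, going by the ChangeLog entry for trustdb.c, `int min_cert_level; /* lowest cert level honoured by the trustdb */`.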